CVE-2025-38746

Low CVSS 3.5

Overview

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

CWE: CWE-200 Published: 2025-08-06T20:15:27.940

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.5 (LOW)
Detected tags: info_leak, unauth_access (tag impact: HIGH)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags